CA2033651C - Radiotelephone controller configured for coresident secure and nonsecure modes - Google Patents
Radiotelephone controller configured for coresident secure and nonsecure modesInfo
- Publication number
- CA2033651C CA2033651C CA002033651A CA2033651A CA2033651C CA 2033651 C CA2033651 C CA 2033651C CA 002033651 A CA002033651 A CA 002033651A CA 2033651 A CA2033651 A CA 2033651A CA 2033651 C CA2033651 C CA 2033651C
- Authority
- CA
- Canada
- Prior art keywords
- controller
- mode
- secure
- nonsecure
- calculating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/086—Access security using security domains
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mathematical Physics (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
- Transceivers (AREA)
- Apparatuses For Generation Of Mechanical Vibrations (AREA)
- Acyclic And Carbocyclic Compounds In Medicinal Compositions (AREA)
- Gyroscopes (AREA)
- Telephone Function (AREA)
- Medicines Containing Antibodies Or Antigens For Use As Internal Diagnostic Agents (AREA)
- Measurement Of Unknown Time Intervals (AREA)
- Crystals, And After-Treatments Of Crystals (AREA)
- Measuring Pulse, Heart Rate, Blood Pressure Or Blood Flow (AREA)
- Electrophonic Musical Instruments (AREA)
- Eyeglasses (AREA)
Abstract
A controller (105) for a radiotelephone (100) having the capability of operation in both a secure mode for call authorization and a nonsecure mode for user interface is disclosed. The nonsecure mode and secure mode of operation are both resident in a single microcontroller (201) which runs the nonsecure operations until a requirement for the secure operation is requested during call placement. The nonsecure mode is disabled during the period of time the secure mode is operational and is reenabled upon completion of the secure mode operation. The secure mode cannot be accessed externally to the microcontroller (201).
Description
20;~3 RADIOTELEPHONE CONTROLLER CONFIGURED FOR
CO~ lT)ENT SECURE AND NONSECURE MODES
R~kFrolln-l Of t~e Tnventio~
The present invention i8 generally related to a controller for a radiotelephone, and more particularly to a radiotelphone 10 microcontroller having a secure mode of operation and a nonsecure mode of operation, each mode sharing common portions of a microcontroller while ret~inin~ independent secure and nonsecure functions.
Previously, operation in two separate and functionally 15 distinct modes - providing secure operation for one application and nonsecure operation for another - has been accomplished using several microcontrollers. Each microcontroller would operate in a wholly independent fashion, employing separate hardware while operating simultaneously be,Finnin~ at power 20 up. As a particular example, a mobile radiotelephone system such as that employed in the Nordic countries (and generally known as the Nordic Mobile Telephone, or NMT) and implementin~ SIS (Subscriber Identity Security - which is further tlefine.1 in SIS Addendum to NMT DOC 900-3, dated 25 July 1, 1988) has required three microcontrollers. The first microcontroller, the main system microcontroller, has been responsible for the radiotelephone system process execution.
The second microcontroller, the display microcontroller, has been respon~ihle for both display and keypad functions and 30 interface with the radiotelephone user. The third microcontroller, the SIS microcontroller, has been responsible for the security of the SAK (Subscriber 2~, 2 20~365 Authentication Key, the telephone call authorization number which i9 further de~cribed in SIS Addendum to NMT DOC
900-3 dated July 1, 1988 and as ~efine l by each of the Nordic countries) and interme~ te calculations required in the use of the SAK The SAK itself is a r~ntlom and user-specific 120 bit binary word which, ~mong other parameters, is progr~mme~l into the radiotelephone unit at the point at 10 which the user takes possession of the radiotelephone equipment. It is used when a radiotelephone call is to be made to ensure that the radiotelephone equipment is authorized to make a call. Typically, the SAK is not used in receiving a call.
In mini~ture portable radiotelephones (such as the MICROTAC portable radiotelephone available from Motorola, Inc. as model number F09EFD6930AA) physical space is at a premium and techniques of reducing the size of the electronic circuitry are required to achieve the necess~ry size 20 reductions. Merely increasing the processing capacity of one microcontroller and loading both the nonsecure and the secure operating modes into the one microcontroller does not protect the secure operation mode from undesired external access. Furthermore, since the secure operation mode 25 includes not only the storage and h~n-lling of the SAK but also the calculations and intermediate results from the calculation, both the storage and the calculations must be protected from access.
CO~ lT)ENT SECURE AND NONSECURE MODES
R~kFrolln-l Of t~e Tnventio~
The present invention i8 generally related to a controller for a radiotelephone, and more particularly to a radiotelphone 10 microcontroller having a secure mode of operation and a nonsecure mode of operation, each mode sharing common portions of a microcontroller while ret~inin~ independent secure and nonsecure functions.
Previously, operation in two separate and functionally 15 distinct modes - providing secure operation for one application and nonsecure operation for another - has been accomplished using several microcontrollers. Each microcontroller would operate in a wholly independent fashion, employing separate hardware while operating simultaneously be,Finnin~ at power 20 up. As a particular example, a mobile radiotelephone system such as that employed in the Nordic countries (and generally known as the Nordic Mobile Telephone, or NMT) and implementin~ SIS (Subscriber Identity Security - which is further tlefine.1 in SIS Addendum to NMT DOC 900-3, dated 25 July 1, 1988) has required three microcontrollers. The first microcontroller, the main system microcontroller, has been responsible for the radiotelephone system process execution.
The second microcontroller, the display microcontroller, has been respon~ihle for both display and keypad functions and 30 interface with the radiotelephone user. The third microcontroller, the SIS microcontroller, has been responsible for the security of the SAK (Subscriber 2~, 2 20~365 Authentication Key, the telephone call authorization number which i9 further de~cribed in SIS Addendum to NMT DOC
900-3 dated July 1, 1988 and as ~efine l by each of the Nordic countries) and interme~ te calculations required in the use of the SAK The SAK itself is a r~ntlom and user-specific 120 bit binary word which, ~mong other parameters, is progr~mme~l into the radiotelephone unit at the point at 10 which the user takes possession of the radiotelephone equipment. It is used when a radiotelephone call is to be made to ensure that the radiotelephone equipment is authorized to make a call. Typically, the SAK is not used in receiving a call.
In mini~ture portable radiotelephones (such as the MICROTAC portable radiotelephone available from Motorola, Inc. as model number F09EFD6930AA) physical space is at a premium and techniques of reducing the size of the electronic circuitry are required to achieve the necess~ry size 20 reductions. Merely increasing the processing capacity of one microcontroller and loading both the nonsecure and the secure operating modes into the one microcontroller does not protect the secure operation mode from undesired external access. Furthermore, since the secure operation mode 25 includes not only the storage and h~n-lling of the SAK but also the calculations and intermediate results from the calculation, both the storage and the calculations must be protected from access.
3 2~ ,5:~
mmAry of tl~ TnVentiorl Therefore, it is an object of the pre~ent invention to 5 provide a unique portable radiotelephone having a controller which functions in both a secure mode of operation and a nonsecure mode of operation.
It i8 another object of the present invention to provide a unique portable radiotelephone having a controller which employs a single microcontroller for both the secure and the nonsecure mode of operation.
Accordingly, these and other object~ are realized in the present invention which encompA~ses a~ortable 15 radiotelephone having a microcontroller~operable in a secure and a nonsecure mode of operation and having a secure storage for a subscriber authorization key and a secure calculation means which cannot be accessed external to the controller. The microcontroller further communicates with 20 an external user interface device in a nonsecure mode of operation. When the secure mode of operation is enabled the nonsecure mode is disabled.
Rrief l)escr~Dtil~n of the nrawin~
Figure 1 is a block diagram of a radiotelephone system which may employ the present invention.
Figure 2 is a block diagram of a controller for the 30 radiotelephone of Fig. 1 which may employ the present invention.
CE00244R ~0.~3651.
Figure 3 is a flowchart of the process employed by the radiotelephone of Fig. 1 to realize the present invention.
net~ile~l nescr~ tion of tllR Preferred F.mho~liment A portable radiotelephone 100 adapted to be used in a radiotelephone system such as the Nordic Mobile Telephone (NMT) system is shown in Figure 1. This portable radiotelephone 100 comprises a conventional radiotelephone 10 transmitter 101 and receiver 103 to provide radio communications. The radiotelephone transmitter 101 and receiver 103 are controlled by a controller 105 which further uses a Subscriber Authentication Key (SAK) to authorize 15 radiotelephone calls from the portable radiotelephone 100 to the wireline network via a Mobile Telephone eXch~nge (MTX) 107 and a fixed station 109. The user interfaces with the portable radiotelephone 100 via a conventional telephone-type matrix keypad 111 and an alphanumeric character display 20 113. User-generated acoustic energy is converted to an electrical signal by microphone 115 and coupled to transmitter 101 for modulation upon a radio frequency carrier and tr~n~mi~sion from an antenna 117. Radio frequency si~n~ls ~ece.~,ed on antenna 117 from the fixed station 109 are 25 converted to an electrical signal by receiver 103 and coupled to s~e~lrer 119 for conversion to acoustic energy for the user to hear.
Referring now to Fig. 2, a more detailed block diagram of controller 105 may be seen. A shared mode microcontroller 30 201, herein referred to as the SIS/Display Controller (SDC), functions in a nonsecure mode to communicate with and control the keypad 111 and the display 113, and functions in a CE0024~R ~0;~;~3fi~
secure mode to use the SAK. In the preferred embodiment, the SDC is a 68HCllE9 microcontroller available from Motorola, Inc. The controller ~ccomplishes the support of 5 both the Subscriber Identity Security (SIS) and the display/keypad functions by command interrupt switching between the two different and functionally diPtinct modes.
Upon power-up and under st~n~l~rd operation the SDC 201 operates in Display Mode until an SIS calculation is 10 requested. Upon leceiving this request, the SDC 201 exits the nonsecure Display Mode and enters the secure SIS Mode. In the preferred embodiment, the SIS Mode is requested when the user wishe~ to make a radiotelephone call. Upon the user's request to make a call, the portable radiotelephone 100, 15 conventionally under the control of main microcontroller 203 and the controlling program stored in memory 205, commences a radio tr~n~mission of the request to the fixed station 109 and the MIX 107. The MTX 107 and the fixed station 109 generate a random number and transmit the 20 random number to the portable radiotelephone 100. (In the preferred embo-liment, the main microcontroller is a 68HCllA8, available from Motorola, Inc.) The receiver 103 demodulates the tr~n~mission and presents the random number to the main microcontroller 203. The main 25 microcontroller, in turn, presents the r~n-3om number to the SDC 201 which calculates a signed response (SRES) from both the r~ntlom number and the SAK. The SRES is transmitted back to the f~sed station 109 and M7rX 107 via the main microcontroller 203 and transmitter 101. If the SRES matches 30 the indepentlently calculated SRES of the MTX, a call i~
allowed; if the SRES does not match the call is terminated.
CE00244R 2()336$~
Upon completion of the calculation of SRES by SDC 201, the SDC 201 exits the SIS Mode and returns to the Display Mode.
In the preferred embodiment, in order to m~int~in both the SRES calculating algorithm and the SAK secret, both the 5 object code and the SAK are programmed into internal EEPROM of the SDC 201. All calculation~ are performed in the SDC 201 in "single chip" mode where access to the memory i8 limited to onboard functions and any intermediate results are ~tored in internal RAM. Only information which 10 i9 sent back to the Sxed Sts~tion 109 and MTX 107 is sent to the main microcontroller 203 via the SIS bus. (Even though the chip operates in "single chip" mode, it i8 possible to read internal EEPROM by putting the chip into bootstrap mode. To prevent this, the configuration register's conventional NOSEC
15 bit is set, forcing the internal EEPROM to be erased whenever bootstrap mode i8 entered. Since the SAK is stored, inter alia, in internal EEPROM, this feature ensures its security).
The SIS Mode and the Display Mode use separate busses to commtlnicate with the attached devices. The SIS
20 bus 207 couples between the SDC 201 and the main microcontroller 203 and is composed of two serial lines:
transmit (SCI txd) and receive (SCI rxd). The Display Mode uses three busses: (1) a three wire bus 209 employing a bi-directional self-clocking configuration such as described in 25 U.S. Patent No. 4,369,516 for communication with the main micLoco~ oller 203; (2) Port "C" bus 211, employing seven lines for communication with the ten digit LCD (Liquid Crystal Display) dot matrix display 113; and (3) the combined Port "E" and Port "B" as bu~ 213 for monitoring the keypad by 30 row and column.
The process employed by SDC 201 in re~ ing the present invention is shown in the flowchart of F ig. 3.
CE00244R ~0~3~5 Commen~ing at the interrupt table 301, at power-up the Display Mode executive process is initialized at 303 and the Display Mode executive (main program) continues to run in the nonsecure mode. St~n~iArd control of messages written 5 into the display 113 or of detection and leco~iir~ of keypad 111 key presses are serviced by service display request block 307.
Communications with main microcontroller 203 via bus 209 are maintained by the process of block 309. Power shut down may be detected by the process of block 311 which, in the 1 0 preferred embo-iiment, detects the depression of a power-off button. Return from each of the three nonsecure processes is to the Display Mode executive at 305.
Upon detection of a request for service via the SIS bus 207, the process leaves the Display Mode and starts the SIS
1 5 executive at 315. In the preferred embodiment, the display 113 is frozen and keypad 111 is ignored during the SIS executive and subsequent processes. Reception of additional messages from the SCI rxd bus line is disabled and the SCI txd line is enabled at 317 and the particular request from the SIS bus 207 20 is decoded from ~mong six types of requests at 319. If the request is garbled or nonRenRical the no task process at 321 is followed and the request is ignored. If the random number sent by the MIX 107 and the f~ed station 109 has been received and conveyed by the main microcontroller 203 via SIS bus 207 25 the SRES is calculated from the random n-lmber and the SAK
and returned via the SCI txd line of SIS bus 207, at 323. If the SAK is initially being stored in the portable radiotelephone 100, the process of accepting, storing, and verifying the SAK
and the Sim (the manufacturer's reference number) is 30 accomplished at 325 in accordance with "Specification for NMT-SIS Key ~n~ement for NMT-900", dated July 1, 1988.
In the preferred emboAiment, a second SAK, publically 8 2033~S5 known, i~ used for test purposes. A test mode, at 327, may be entered via SIS bus 207 comm~n~l in which the public SAK is used for test radiotelephone calls. Upon power-up, a test i9 mAde~ at 329, in response to a SIS bus 207 comm~ntl to check for proper operation of the SIS system and whether a SAK has been stored in the EEPROM of SDC 201. Also, a request via SIS bus 207 for the manllfAct~lrer's reference number (Sim) cause~ the Sim to be recalled from the EEPROM of SDC 201 1 0 and sent to the display 113. At the conclusion of the requested one of the six tasks, the SCI txd line interrupt is disabled and the SCI rxd line is enabled of SIS bus 207 at 333 and operation returns to the noll~ecure Display Mode at 335.
Thus, a controller for a portable radiotelephone having the CApAbility of operation in both a secure mode and a nonsecure mode of operation has been shown and described.
The nonsecure mode and secure mode are both resident in a single microcontroller which runs the nonsecure operations until a req~ire~ent for the secure operation is requested. The 20 nonsecure mode is disabled during the period of time the secure mode is operational and is reenabled upon completion of the secure mode operation. The secure mode cannot be ~ccessed externally to the microcontroller. While a particular embodiment of the invention has been shown and described, it 25 is to be understood that the invention is not to be taken as limited to the specific embodiment herein, and that changes and mo iifi~tions may be made without departing from the true spirit of the invention. It is contemplated therefore to cover the pre~ent invention, and any and all such changes 30 and mo~lific~t;ons, by the appended claims.
We claim-
mmAry of tl~ TnVentiorl Therefore, it is an object of the pre~ent invention to 5 provide a unique portable radiotelephone having a controller which functions in both a secure mode of operation and a nonsecure mode of operation.
It i8 another object of the present invention to provide a unique portable radiotelephone having a controller which employs a single microcontroller for both the secure and the nonsecure mode of operation.
Accordingly, these and other object~ are realized in the present invention which encompA~ses a~ortable 15 radiotelephone having a microcontroller~operable in a secure and a nonsecure mode of operation and having a secure storage for a subscriber authorization key and a secure calculation means which cannot be accessed external to the controller. The microcontroller further communicates with 20 an external user interface device in a nonsecure mode of operation. When the secure mode of operation is enabled the nonsecure mode is disabled.
Rrief l)escr~Dtil~n of the nrawin~
Figure 1 is a block diagram of a radiotelephone system which may employ the present invention.
Figure 2 is a block diagram of a controller for the 30 radiotelephone of Fig. 1 which may employ the present invention.
CE00244R ~0.~3651.
Figure 3 is a flowchart of the process employed by the radiotelephone of Fig. 1 to realize the present invention.
net~ile~l nescr~ tion of tllR Preferred F.mho~liment A portable radiotelephone 100 adapted to be used in a radiotelephone system such as the Nordic Mobile Telephone (NMT) system is shown in Figure 1. This portable radiotelephone 100 comprises a conventional radiotelephone 10 transmitter 101 and receiver 103 to provide radio communications. The radiotelephone transmitter 101 and receiver 103 are controlled by a controller 105 which further uses a Subscriber Authentication Key (SAK) to authorize 15 radiotelephone calls from the portable radiotelephone 100 to the wireline network via a Mobile Telephone eXch~nge (MTX) 107 and a fixed station 109. The user interfaces with the portable radiotelephone 100 via a conventional telephone-type matrix keypad 111 and an alphanumeric character display 20 113. User-generated acoustic energy is converted to an electrical signal by microphone 115 and coupled to transmitter 101 for modulation upon a radio frequency carrier and tr~n~mi~sion from an antenna 117. Radio frequency si~n~ls ~ece.~,ed on antenna 117 from the fixed station 109 are 25 converted to an electrical signal by receiver 103 and coupled to s~e~lrer 119 for conversion to acoustic energy for the user to hear.
Referring now to Fig. 2, a more detailed block diagram of controller 105 may be seen. A shared mode microcontroller 30 201, herein referred to as the SIS/Display Controller (SDC), functions in a nonsecure mode to communicate with and control the keypad 111 and the display 113, and functions in a CE0024~R ~0;~;~3fi~
secure mode to use the SAK. In the preferred embodiment, the SDC is a 68HCllE9 microcontroller available from Motorola, Inc. The controller ~ccomplishes the support of 5 both the Subscriber Identity Security (SIS) and the display/keypad functions by command interrupt switching between the two different and functionally diPtinct modes.
Upon power-up and under st~n~l~rd operation the SDC 201 operates in Display Mode until an SIS calculation is 10 requested. Upon leceiving this request, the SDC 201 exits the nonsecure Display Mode and enters the secure SIS Mode. In the preferred embodiment, the SIS Mode is requested when the user wishe~ to make a radiotelephone call. Upon the user's request to make a call, the portable radiotelephone 100, 15 conventionally under the control of main microcontroller 203 and the controlling program stored in memory 205, commences a radio tr~n~mission of the request to the fixed station 109 and the MIX 107. The MTX 107 and the fixed station 109 generate a random number and transmit the 20 random number to the portable radiotelephone 100. (In the preferred embo-liment, the main microcontroller is a 68HCllA8, available from Motorola, Inc.) The receiver 103 demodulates the tr~n~mission and presents the random number to the main microcontroller 203. The main 25 microcontroller, in turn, presents the r~n-3om number to the SDC 201 which calculates a signed response (SRES) from both the r~ntlom number and the SAK. The SRES is transmitted back to the f~sed station 109 and M7rX 107 via the main microcontroller 203 and transmitter 101. If the SRES matches 30 the indepentlently calculated SRES of the MTX, a call i~
allowed; if the SRES does not match the call is terminated.
CE00244R 2()336$~
Upon completion of the calculation of SRES by SDC 201, the SDC 201 exits the SIS Mode and returns to the Display Mode.
In the preferred embodiment, in order to m~int~in both the SRES calculating algorithm and the SAK secret, both the 5 object code and the SAK are programmed into internal EEPROM of the SDC 201. All calculation~ are performed in the SDC 201 in "single chip" mode where access to the memory i8 limited to onboard functions and any intermediate results are ~tored in internal RAM. Only information which 10 i9 sent back to the Sxed Sts~tion 109 and MTX 107 is sent to the main microcontroller 203 via the SIS bus. (Even though the chip operates in "single chip" mode, it i8 possible to read internal EEPROM by putting the chip into bootstrap mode. To prevent this, the configuration register's conventional NOSEC
15 bit is set, forcing the internal EEPROM to be erased whenever bootstrap mode i8 entered. Since the SAK is stored, inter alia, in internal EEPROM, this feature ensures its security).
The SIS Mode and the Display Mode use separate busses to commtlnicate with the attached devices. The SIS
20 bus 207 couples between the SDC 201 and the main microcontroller 203 and is composed of two serial lines:
transmit (SCI txd) and receive (SCI rxd). The Display Mode uses three busses: (1) a three wire bus 209 employing a bi-directional self-clocking configuration such as described in 25 U.S. Patent No. 4,369,516 for communication with the main micLoco~ oller 203; (2) Port "C" bus 211, employing seven lines for communication with the ten digit LCD (Liquid Crystal Display) dot matrix display 113; and (3) the combined Port "E" and Port "B" as bu~ 213 for monitoring the keypad by 30 row and column.
The process employed by SDC 201 in re~ ing the present invention is shown in the flowchart of F ig. 3.
CE00244R ~0~3~5 Commen~ing at the interrupt table 301, at power-up the Display Mode executive process is initialized at 303 and the Display Mode executive (main program) continues to run in the nonsecure mode. St~n~iArd control of messages written 5 into the display 113 or of detection and leco~iir~ of keypad 111 key presses are serviced by service display request block 307.
Communications with main microcontroller 203 via bus 209 are maintained by the process of block 309. Power shut down may be detected by the process of block 311 which, in the 1 0 preferred embo-iiment, detects the depression of a power-off button. Return from each of the three nonsecure processes is to the Display Mode executive at 305.
Upon detection of a request for service via the SIS bus 207, the process leaves the Display Mode and starts the SIS
1 5 executive at 315. In the preferred embodiment, the display 113 is frozen and keypad 111 is ignored during the SIS executive and subsequent processes. Reception of additional messages from the SCI rxd bus line is disabled and the SCI txd line is enabled at 317 and the particular request from the SIS bus 207 20 is decoded from ~mong six types of requests at 319. If the request is garbled or nonRenRical the no task process at 321 is followed and the request is ignored. If the random number sent by the MIX 107 and the f~ed station 109 has been received and conveyed by the main microcontroller 203 via SIS bus 207 25 the SRES is calculated from the random n-lmber and the SAK
and returned via the SCI txd line of SIS bus 207, at 323. If the SAK is initially being stored in the portable radiotelephone 100, the process of accepting, storing, and verifying the SAK
and the Sim (the manufacturer's reference number) is 30 accomplished at 325 in accordance with "Specification for NMT-SIS Key ~n~ement for NMT-900", dated July 1, 1988.
In the preferred emboAiment, a second SAK, publically 8 2033~S5 known, i~ used for test purposes. A test mode, at 327, may be entered via SIS bus 207 comm~n~l in which the public SAK is used for test radiotelephone calls. Upon power-up, a test i9 mAde~ at 329, in response to a SIS bus 207 comm~ntl to check for proper operation of the SIS system and whether a SAK has been stored in the EEPROM of SDC 201. Also, a request via SIS bus 207 for the manllfAct~lrer's reference number (Sim) cause~ the Sim to be recalled from the EEPROM of SDC 201 1 0 and sent to the display 113. At the conclusion of the requested one of the six tasks, the SCI txd line interrupt is disabled and the SCI rxd line is enabled of SIS bus 207 at 333 and operation returns to the noll~ecure Display Mode at 335.
Thus, a controller for a portable radiotelephone having the CApAbility of operation in both a secure mode and a nonsecure mode of operation has been shown and described.
The nonsecure mode and secure mode are both resident in a single microcontroller which runs the nonsecure operations until a req~ire~ent for the secure operation is requested. The 20 nonsecure mode is disabled during the period of time the secure mode is operational and is reenabled upon completion of the secure mode operation. The secure mode cannot be ~ccessed externally to the microcontroller. While a particular embodiment of the invention has been shown and described, it 25 is to be understood that the invention is not to be taken as limited to the specific embodiment herein, and that changes and mo iifi~tions may be made without departing from the true spirit of the invention. It is contemplated therefore to cover the pre~ent invention, and any and all such changes 30 and mo~lific~t;ons, by the appended claims.
We claim-
Claims (8)
1. A controller for a radiotelephone apparatus which communicates with a fixed site and having an internal secure mode of operation and an internal nonsecure mode of operation, comprising:
means for inputting a message received from the fixed site;
means, responsive to said message, for calculating a signed response from a stored numerical subscriber authentication key, such that said numerical subscriber authorization key and said calculations cannot be accessed external to the controller;
means for communicating with a radiotelephone apparatus user interface device external to the controller; and means for enabling said means for calculating and for disabling said means for communicating when said means for calculating is enabled.
means for inputting a message received from the fixed site;
means, responsive to said message, for calculating a signed response from a stored numerical subscriber authentication key, such that said numerical subscriber authorization key and said calculations cannot be accessed external to the controller;
means for communicating with a radiotelephone apparatus user interface device external to the controller; and means for enabling said means for calculating and for disabling said means for communicating when said means for calculating is enabled.
2. A controller for a radiotelephone apparatus in accordance with claim 1 wherein said means for enabling is further characterized by means for determining a requirement for said signed response calculation.
3. A radiotelephone apparatus which generates and transmits a signed response when making a radiotelephone call, the signed response calculated from a random number and a subscriber authorization key and in which both the subscriber authorization key and the calculation is performed in a secure fashion in a controller, the radiotelephone apparatus comprising:
means in the controller for storing the numerical subscriber authentication key and for calculating the signed response therefrom, such that the numerical subscriber authorization key and the calculations cannot be accessed external to the controller;
means for communicating in a nonsecure manner with a keypad external to the controller whereby key depressions may be detected;
means for determining a requirement for said signed response calculation; and means for enabling said means for storing and calculating and for disabling said means for communicating when said means for storing and calculating is enabled.
means in the controller for storing the numerical subscriber authentication key and for calculating the signed response therefrom, such that the numerical subscriber authorization key and the calculations cannot be accessed external to the controller;
means for communicating in a nonsecure manner with a keypad external to the controller whereby key depressions may be detected;
means for determining a requirement for said signed response calculation; and means for enabling said means for storing and calculating and for disabling said means for communicating when said means for storing and calculating is enabled.
4. A method of generating a signed response when making a radiotelephone call in a radiotelephone apparatus, the signed response calculated from a random number and a stored subscriber authorization key and in which both the subscriber authorization key and the calculation is performed in a secure fashion in a radiotelephone apparatus controller, the method comprising the steps of:
calculating the signed response from the stored subscriber authentication key, such that the numerical subscriber authorization key and the calculation cannot be accessed external to the controller;
communicating in a nonsecure manner with a keypad external to the controller whereby key depressions may be detected;
determining a requirement for said signed response calculation; and enabling said calculating step and disabling said communicating step.
calculating the signed response from the stored subscriber authentication key, such that the numerical subscriber authorization key and the calculation cannot be accessed external to the controller;
communicating in a nonsecure manner with a keypad external to the controller whereby key depressions may be detected;
determining a requirement for said signed response calculation; and enabling said calculating step and disabling said communicating step.
5. A controller for a radiotelephone apparatus, the controller internally sharing processing modes, comprising:
means for receiving an input from a radiotelephone apparatus user interface device external to the controller;
means for processing said input in a nonsecure mode;
means for detecting a requirement for a secure processing mode;
means for disabling reception of said input;
means for calculating a signed response from a numerical subscriber authentication key in a secure processing mode; and means for reenabling said disabled input reception.
means for receiving an input from a radiotelephone apparatus user interface device external to the controller;
means for processing said input in a nonsecure mode;
means for detecting a requirement for a secure processing mode;
means for disabling reception of said input;
means for calculating a signed response from a numerical subscriber authentication key in a secure processing mode; and means for reenabling said disabled input reception.
6. A method for sharing internal processing modes in a controller for a radiotelephone apparatus, comprising:
receiving an input from a radiotelephone apparatus user interface device external to the controller;
processing said input in a nonsecure mode;
detecting a requirement for a secure processing mode;
disabling reception of said input;
calculating a signed response from a numerical subscriber authentication key in a secure processing mode;
and reenabling said disabled input reception.
receiving an input from a radiotelephone apparatus user interface device external to the controller;
processing said input in a nonsecure mode;
detecting a requirement for a secure processing mode;
disabling reception of said input;
calculating a signed response from a numerical subscriber authentication key in a secure processing mode;
and reenabling said disabled input reception.
7. A microcontroller for a radiotelephone apparatus, the microcontroller internally sharing processing modes, comprising:
means for receiving user information from a radiotelephone apparatus user interface device external to the microcontroller;
means for processing received user information in a nonsecure processing mode;
means for detecting a requirement for a secure processing mode;
means for disabling reception of said user information in response to said detected requirement;
means for receiving service request information and calculating a signed response from a stored subscriber authorization key in a secure processing mode internal to the microcontroller;
means for transmitting said calculated signed response; and means for reenabling said disabled reception of said user information.
means for receiving user information from a radiotelephone apparatus user interface device external to the microcontroller;
means for processing received user information in a nonsecure processing mode;
means for detecting a requirement for a secure processing mode;
means for disabling reception of said user information in response to said detected requirement;
means for receiving service request information and calculating a signed response from a stored subscriber authorization key in a secure processing mode internal to the microcontroller;
means for transmitting said calculated signed response; and means for reenabling said disabled reception of said user information.
8. A method of sharing processing modes in a microcontroller for a radiotelephone apparatus, the method comprising:
receiving user information from a radiotelephone apparatus user interface device external to the microcontroller;
processing said received information in a nonsecure processing mode;
detecting a requirement for a secure processing mode;
disabling reception of said user information in response to said detecting step;
receiving service request information and calculating a signed response from a stored subscriber authorization key in a secure processing mode internal to the microcontroller;
transmitting said calculated signed response; and reenabling said disabled reception of said user information.
receiving user information from a radiotelephone apparatus user interface device external to the microcontroller;
processing said received information in a nonsecure processing mode;
detecting a requirement for a secure processing mode;
disabling reception of said user information in response to said detecting step;
receiving service request information and calculating a signed response from a stored subscriber authorization key in a secure processing mode internal to the microcontroller;
transmitting said calculated signed response; and reenabling said disabled reception of said user information.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US461,570 | 1990-01-05 | ||
| US07/461,570 US5060264A (en) | 1990-01-05 | 1990-01-05 | Radiotelephone controller configured for coresident secure and nonsecure modes |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2033651A1 CA2033651A1 (en) | 1991-07-06 |
| CA2033651C true CA2033651C (en) | 1994-11-08 |
Family
ID=23833112
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002033651A Expired - Fee Related CA2033651C (en) | 1990-01-05 | 1991-01-04 | Radiotelephone controller configured for coresident secure and nonsecure modes |
Country Status (7)
| Country | Link |
|---|---|
| US (1) | US5060264A (en) |
| EP (1) | EP0436518B1 (en) |
| AT (1) | ATE146640T1 (en) |
| CA (1) | CA2033651C (en) |
| DE (1) | DE69123608T2 (en) |
| FI (1) | FI102928B1 (en) |
| NO (1) | NO178360C (en) |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4989230A (en) * | 1988-09-23 | 1991-01-29 | Motorola, Inc. | Cellular cordless telephone |
| JP2782102B2 (en) * | 1989-12-18 | 1998-07-30 | 株式会社リコー | Facsimile machine |
| JP3008441B2 (en) * | 1990-04-28 | 2000-02-14 | 日本電気株式会社 | Security module |
| FR2662877B1 (en) * | 1990-05-29 | 1992-08-21 | France Etat | TELEPHONE INSTALLATION FOR REMOTE LOADING OF TELEPHONE SUBSCRIPTION DATA FROM AN AUTONOMOUS STATION. |
| US5214774A (en) * | 1990-07-30 | 1993-05-25 | Motorola, Inc. | Segmented memory transfer and message priority on synchronous/asynchronous data bus |
| US5297142A (en) * | 1991-07-18 | 1994-03-22 | Motorola, Inc. | Data transfer method and apparatus for communication between a peripheral and a master |
| KR0131142B1 (en) * | 1991-07-18 | 1998-04-21 | 안토니 제이. 살리 2세 | Method and apparatus for delivering priority data to peripheral devices of wireless telephone |
| SE468068C (en) * | 1991-09-30 | 1994-04-11 | Comvik Gsm Ab | Procedure for personalization of an active card, for use in a mobile telephone system |
| CA2078195C (en) * | 1991-11-27 | 1999-03-09 | Jack Kozik | Arrangement for detecting fraudulently identified mobile stations in a cellular mobile telecommunications network |
| US5396543A (en) * | 1991-11-27 | 1995-03-07 | At&T Corp. | Signaling arrangements in a cellular mobile telecommunications switching system |
| US5278890A (en) * | 1991-11-27 | 1994-01-11 | At&T Bell Laboratories | Paging arrangements in a cellular mobile switching system |
| US5329573A (en) * | 1991-11-27 | 1994-07-12 | At&T Bell Laboratories | Arrangement for obtaining authentication key parameters in a cellular mobile telecommunications switching network |
| US6324592B1 (en) | 1997-02-25 | 2001-11-27 | Keystone Aerospace | Apparatus and method for a mobile computer architecture and input/output management system |
| US6405049B2 (en) * | 1997-08-05 | 2002-06-11 | Symbol Technologies, Inc. | Portable data terminal and cradle |
| US6151677A (en) * | 1998-10-06 | 2000-11-21 | L-3 Communications Corporation | Programmable telecommunications security module for key encryption adaptable for tokenless use |
| SE515327C2 (en) * | 1999-08-27 | 2001-07-16 | Ericsson Telefon Ab L M | Device for carrying out secure transactions in a communication device |
| GB0212308D0 (en) * | 2002-05-28 | 2002-07-10 | Symbian Ltd | Trusted user interface for a secure mobile wireless device |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4228321A (en) * | 1978-05-16 | 1980-10-14 | Bell Telephone Laboratories, Incorporated | Privacy transmission system with remote key control |
| US4555805A (en) * | 1980-03-14 | 1985-11-26 | Harris Corporation | Secure mobile telephone system |
| US4368357A (en) * | 1980-11-14 | 1983-01-11 | International Telephone And Telegraph Corporation | Bypass apparatus for use in secure communication systems |
| US4560832A (en) * | 1984-02-27 | 1985-12-24 | T.A.D. Avanti, Inc. | Telephone system |
| DE3420874A1 (en) * | 1984-06-05 | 1985-12-05 | Licentia Patent-Verwaltungs-Gmbh, 6000 Frankfurt | Method and arrangement for monitoring network access in telecommunications networks |
| FI77550C (en) | 1987-07-29 | 1989-03-10 | Nokia Mobira Oy | FOERFARANDE FOER SAMMANKOPPLING TILL ANVAENDARENS KORT VID EN MOBILRADIOTELEFON. |
| US5134700A (en) | 1987-09-18 | 1992-07-28 | General Instrument Corporation | Microcomputer with internal ram security during external program mode |
| DK624489A (en) * | 1989-12-11 | 1991-06-12 | Cetelco As | SECURITY CIRCUIT FOR A MOBILE PHONE AND A PROCEDURE FOR USING THE CIRCUIT |
-
1990
- 1990-01-05 US US07/461,570 patent/US5060264A/en not_active Expired - Lifetime
- 1990-12-28 FI FI906424A patent/FI102928B1/en not_active IP Right Cessation
-
1991
- 1991-01-04 CA CA002033651A patent/CA2033651C/en not_active Expired - Fee Related
- 1991-01-07 NO NO910044A patent/NO178360C/en not_active IP Right Cessation
- 1991-01-07 EP EP91300092A patent/EP0436518B1/en not_active Expired - Lifetime
- 1991-01-07 AT AT91300092T patent/ATE146640T1/en not_active IP Right Cessation
- 1991-01-07 DE DE69123608T patent/DE69123608T2/en not_active Expired - Lifetime
Also Published As
| Publication number | Publication date |
|---|---|
| FI102928B (en) | 1999-03-15 |
| EP0436518A2 (en) | 1991-07-10 |
| NO178360B (en) | 1995-11-27 |
| FI906424A7 (en) | 1991-07-06 |
| FI102928B1 (en) | 1999-03-15 |
| NO910044L (en) | 1991-07-08 |
| US5060264A (en) | 1991-10-22 |
| EP0436518B1 (en) | 1996-12-18 |
| EP0436518A3 (en) | 1992-07-01 |
| NO910044D0 (en) | 1991-01-07 |
| NO178360C (en) | 1996-03-06 |
| FI906424A0 (en) | 1990-12-28 |
| DE69123608D1 (en) | 1997-01-30 |
| ATE146640T1 (en) | 1997-01-15 |
| CA2033651A1 (en) | 1991-07-06 |
| DE69123608T2 (en) | 1997-06-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2033651C (en) | Radiotelephone controller configured for coresident secure and nonsecure modes | |
| EP1487228B1 (en) | Authentication of several wireless communication devices using a single SIM (Subscriber Identity Module) card | |
| US6138005A (en) | Method for verifying personalization in mobile radio terminal | |
| US7400906B2 (en) | Mobile communication terminal | |
| US5077790A (en) | Secure over-the-air registration of cordless telephones | |
| US6141563A (en) | SIM card secured subscriber unit | |
| US5794139A (en) | Automatic generation of private authentication key for wireless communication systems | |
| US6119020A (en) | Multiple user SIM card secured subscriber unit | |
| JP3456191B2 (en) | Mobile communication terminal | |
| US20040176071A1 (en) | Secure remote subscription module access | |
| US5887250A (en) | Mobile station having lock code based on secure value | |
| EP2416600A1 (en) | Wi-fi access method, access point and wi-fi access system | |
| JPWO1994005128A1 (en) | Location registration method for mobile communication terminals | |
| KR20010042992A (en) | Management of authentication and encryption user information in digital user terminals | |
| US8014790B2 (en) | Base station device for setting up the access rights for user terminals in response to user actuation of switches or buttons | |
| US20020081179A1 (en) | Smart card of a terminal, a terminal using a smart card, and an improved method for identifying a user by means of a smart card | |
| KR100779585B1 (en) | Potable terminal and function limiting method | |
| JP2005513316A (en) | Access control system | |
| EP0565528B1 (en) | Secure over-the-air registration of cordless telephones | |
| PL192616B1 (en) | Wireless communication system compatible with a public mobile communication system | |
| JP2000049933A (en) | Radio telephony equipment having keyboard | |
| WO2002091704A2 (en) | Secure remote subscription module access | |
| KR100293944B1 (en) | User identification method in mobile communication system | |
| JP2004289690A (en) | Mobile terminal device | |
| KR100950662B1 (en) | Smart card authentication method using network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed | ||
| MKLA | Lapsed |
Effective date: 19950704 |